Taen keren
Oct 14, 2019

Confused - need clarification

I've read this article regarding Send mail from Multiple devices/application

Option 1 is the MS 'Recommended' one - but then there's this kind of "disclaimer" at the bottom:

"If you happen to have an on-premises email server, you should seriously consider using that server for SMTP relay instead of Office 365"

Why should one "seriously consider" this? - what's 'wrong' with option 1?

In this related article https://docs.microsoft.com/en-us/exchange/mail-flow-best-practices/how-to-configure-iis-for-relay-with-office-365

Is the IIS option considered the 'best solution' in 'relaying' towards O365?

Looking for the 'Best' solution possible - security-wise

  • Hi Taen keren,

    With SMTP services it is traditionally recommended to repurpose an old on-premises Exchange (if in hybrid) or use a cloud server like Hyper-V/Azure as it takes the load off of 365 and you have greater management (having access to IIS etc). These would then sit behind a smart host such as Mimecast to protect the domain(s) against blacklisting.

    In security terms both are secure whether you go through 365 or spin up a VM with IIS. Just make sure if it’s the second option to lock down open relaying! Oh, forgot to add that the second option of the VM does have the benefit of permitting non-auth SMTP too whereas 365 does not - this is good for legacy devices and apps!

    Had much fun with this in the past as you can tell! ;D

    Hope that answers your question!

    Best, Chris
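
The "lock down open relaying" point in the reply above, as an added example that is not part of the thread or of any Microsoft tooling: a Python model of a relay's accept/reject decision for non-auth SMTP, plus an audit of its IP allow-list. The policy keys, addresses and domains are constructed assumptions, not IIS settings.

```python
import ipaddress

# Hypothetical relay policy (illustrative names, constructed sample values):
# which sources may relay mail to external recipients.
POLICY = {
    "relay_networks": ["10.20.30.0/24", "10.20.31.15/32"],  # legacy devices/apps
    "local_domains": {"contoso.example"},
    "authenticated_may_relay": True,
}

def audit_relay_networks(networks):
    """Return allow-list entries that expose the relay beyond known hosts."""
    findings = []
    for entry in networks:
        net = ipaddress.ip_network(entry, strict=False)
        if net.prefixlen == 0:
            findings.append((entry, "matches every source address: open relay"))
        elif net.is_global:
            findings.append((entry, "public range: confirm every host in it is yours"))
        elif net.num_addresses > 65536:
            findings.append((entry, "very wide private range: narrow to device subnets"))
    return findings

def relay_decision(policy, source_ip, authenticated, rcpt):
    """Decide what the relay does with one RCPT TO from one connection."""
    domain = rcpt.rsplit("@", 1)[-1].lower()
    if domain in policy["local_domains"]:
        return "accept-local"   # mail for our own domain is not relaying
    src = ipaddress.ip_address(source_ip)
    if any(src in ipaddress.ip_network(n, strict=False)
           for n in policy["relay_networks"]):
        return "relay-by-ip"    # non-auth SMTP, but only from listed devices
    if authenticated and policy["authenticated_may_relay"]:
        return "relay-by-auth"
    return "reject"             # accepting here would make the server an open relay

if __name__ == "__main__":
    print(audit_relay_networks(POLICY["relay_networks"] + ["0.0.0.0/0"]))
    print(relay_decision(POLICY, "198.51.100.9", False, "user@partner.example"))
```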